MSPs have a responsibility to their customers to protect their data and notify them of breaches and compromises. MSPs should implement best practice cyber security and be transparent when a compromise occurs, including by sharing what steps they are taking to remediate and mitigate the risk of a compromise reoccurring.
MSPs may also have legal obligations under the Notifiable Data Breaches Scheme if personally identifiable information has been breached.
Given the global reach of this compromise, all MSPs should take the following steps to protect both your network and customers’ networks.
1. Determine if you have been affected:
The US National Cybersecurity & communications Integration Centre (NCCIC) has published advice on this threat. APT actors use a variety of ‘living of the land’ techniques to maintain anonymity while conducting their attacks. These techniques include using legitimate credentials, trusted off-the-shelf applications and pre-installed system tools present in MSP networks that are used by system administrators for legitimate processes. For this reason, APT attacks can be difficult to detect.
Organisations should create a baseline for systems, networks and accounts to understand what ‘normal’ behaviour looks like for these systems. System logs should be configured to detect anomalies that may be indicative of abuse of legitimate MSP credentials by an APT actor.
Any anomalies should be carefully investigated and malicious activity reported to the ACSC
2. Take action to counter this threat:
The ACSC strongly recommends you review our PROTECT product for MSPs. This product provides strategies you can use to protect your own network and customer networks that you administer and manage.
3. Sign up
Sign up to the ACSC’s new cyber security program for MSPs.
Contact the ACSC
MSPs are also encouraged to contact the ACSC for assistance.